Similar documents
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group

Electronic Records Storage Options and Overview

Introduction to Cloud Services

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches

About me & Submission details

How To Understand Cloud Computing

Quick guide: Using the Cloud to support your business

Datacenter Hosting - The Best Form of Protection

Whitepaper: Cloud Computing for Credit Unions

RSS Cloud Solution COMMON QUESTIONS

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Recommended IP Telephony Architecture


Security Threat Risk Assessment: the final key piece of the PIA puzzle

Is Cloud Accounting Right for Your Business? An Educational Report

Client Security Risk Assessment Questionnaire

MANAGED MICROSOFT AZURE SERVICES

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Session 11 : (additional) Cloud Computing Advantages and Disadvantages

How cloud computing can transform your business landscape

Web-Based Data Backup Solutions

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Usage of OPNET IT tool to Simulate and Test the Security of Cloud under varying Firewall conditions

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

Key Considerations and Major Pitfalls

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

FOR THE FUTURE OF DATA CENTERS?

1110 Cool Things Your Firewall Should Do. Extending beyond blocking network threats to protect, manage and control application traffic

Securing the Service Desk in the Cloud

In the Cloud. Scoville Memorial Library February, 2013

Supplier Security Assessment Questionnaire

Table of Contents. About the book. Copyright. Preface. About the author. Cloud Computing. Amazing Types of Cloud Computing

Print4 Solutions fully comply with all HIPAA regulations

FDIC Division of Supervision and Consumer Protection

The Cloud On A Clear Day. Neal Juern

How To Control Your Network With A Firewall On A Network With An Internet Security Policy On A Pc Or Ipad (For A Web Browser)

Designing and Deploying Cloud Solutions for Small and Medium Business

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

CyberSecurity & Keeping your data safe. October 20, 2015

White Paper How Noah Mobile uses Microsoft Azure Core Services

How To Use Egnyte

EndPoint Device Secures Files Transferring and Sharing

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

qwertyuiopasdfghjklzxcvbnmqwertyui opasdfghjklzxcvbnmqwertyuiopasdfgh jklzxcvbnmqwertyuiopasdfghjklzxcvb nmqwertyuiopasdfghjklzxcvbnmqwer

Cyber Self Assessment

Cloud computing an insight

Projectplace: A Secure Project Collaboration Solution

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

With Eversync s cloud data tiering, the customer can tier data protection as follows:

What Dropbox Can t Do For Your Business

Module 1: Facilitated e-learning

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

KeyLock Solutions Security and Privacy Protection Practices

E-Business, E-Commerce

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Cloud Computing TODAY S TOPICS WHAT IS CLOUD COMPUTING? ICAC Webinar Cloud Computing September 4, What Cloud Computing is and How it Works

Software as a Service (SaaS)

Cloud Backup GLOSSARY

Internet threats: steps to security for your small business

Getting a Secure Intranet

Cloud Computing Phillip Hampton LogicForce Consulting, LLC

Information Security Basic Concepts

Server Virtualization Cloud Partner Training Series

SNAP WEBHOST SECURITY POLICY

The benefits of Cloud Computing

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Private vs. Public Cloud Solutions

Future- Building a. Business: The Ultimate Guide. Business to

Hosting Services VITA Contract VA AISN (Statewide contract available to any public entity in the Commonwealth)

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

Five keys to a more secure data environment

Making the leap to the cloud: IS my data private and secure?

Cloud Computing and the Lure of Hosted Solutions

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

Backups and Cloud Storage

Credit Unions and The Cloud. By: Chris Sachse

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

How Small to Medium-Sized Businesses Can Leverage the Cloud in Secure, Money-Saving Ways A White Paper by CMIT Solutions

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

I. EXECUTIVE SUMMARY. Date: June 30, Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

Network & Information Security Policy

Providing a quality IT Support & Consultancy service in the South East

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

Virtual Desktop Infrastructure

Software as a Service (SaaS)

Data Backup Options for SME s

Firewalls Overview and Best Practices. White Paper

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Software as a Service (SaaS) Requirements

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

4 Ways an Information Security Analyst Improves Business Productivity

Transcription:

Welcome!

What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business.

Historical PC Business Network A Brief Overview

Historical PC Business Networks Client/Server Architecture Local Software, Storage, and Network Resources Remote Control of Host PCs Terminal Services VPN Local Firewall

What Is A Firewall? A network firewall is a network device that is designed to resist the passage of undesirable network traffic from one side to another Primarily, firewalls allow or block network traffic between devices based upon rules set up by the firewall administrator A majority of small businesses don t have one

The Purpose of A Firewall? Packet Filtering: Manage access to Web sites and file transfers Virtual Private Network (VPN): encrypted access to company resources for external authorized users Authentication: Manage access to company resources Anti Spoofing i.e. when an individual attempting to access a blocked service alters the Web address in the message so that the traffic is allowed

The Purpose of A Firewall? Network Address Translation (NAT):Conversion of a public IP address to one or many private IP addresses Bandwidth management: priority for voice or video, or certain individual network users Block undesired network traffic (i.e. streaming audio & video) Intrusion Detection: Identify hacker attack patterns, alerts the IT staff, and terminates the connection with the hostile source Secondary malware protection

Cloud Computing A Brief Overview

What Is Cloud Computing While answering a question regarding cloud computing, Oracle s CEO Larry Ellison responded: "I have no idea what anyone is talking about, it s really just complete gibberish. What is it? When is this idiocy going to stop?"

What Is Cloud Computing Clever Re branding of old ideas Confusion: The technology industry loves buzzwords Warm & fuzzy marketing term that appeals to buyers Cloud computing implies vision Implies leveraging the infinite scale of the Internet Data ultimately resides in an almost make believe place known as the cloud

A Sampling of Re branded Cloud Services ASP (application service provider) Email Hosting (Gmail, Hotmail, etc ) Web Site Hosting E Commerce (Amazon, Volusion, ebay, Yahoo stores) Banking, Online Bill pay Discussion Forums Music sharing and download

A Selection of Cloud Services Supplemental Backup File Storage Telephone System or Line Service Applications Accounting, Sales Management, etc Applications Microsoft Office 365 On Demand Elastic Computing Power And much more

The Business Case for the Cloud Lower capital costs Capitalexpenditure is converted to an operational expenditure Scalability Pricing on a utility computing basis is fine grained with usage based options Reduced burden on IT Fewer IT skills are required for implementation

It Doesn t Have to be All or Nothing! The foreseeable future likely will reflect a hybrid environment Cloud services often will be overlaid on current business technology Many applications are simply not available

Device and Location Independence Enable users to access systems regardless of the device PC, ipad, mobile phone, etc Infrastructure is off site typically provided by a third party accessed via the Internet users can connect from anywhere

Dropbox (Google Drive, Microsoft SkyDrive) Concerns regarding security Rampant reuse of passwords (Gmail, Twitter, Facebook) Documents generally unencrypted Inability of management to control backup & ownership

What you should do? Monitor Dropbox use Compare cloud service security Beware of lackluster security cloud service practices Treat Dropbox as a public repository Restrict employees use centrally managed file storage

Most Cloud Providers Say: Trust Us, We re Secure Don t take them at their word

Assessing A Cloud Provider s Controls Questionnaires Standardized reports Technical audits Vulnerability scans White Hat penetration attempts They should take the same care of your data as you would

Information Week: Cloud Security Survey 27% have no plans to use public cloud services 48% cite leaks of customer and proprietary data The other 73% are worried 20% say the cloud provider security is better than their own 20% say the cloud provider security is as good as their own 19% say the cloud provider is better at some, worse at others 6% say the cloud provider security is worse than their own 35% say they have no idea (they re going on blind faith)

Companies Considering Cloud Service Should Take advantage of readily available security documentation

SSAE 16 Report Statements on Standards for Attestation Engagements 16 Replaces the SAS 70 Report Commonly recognized set of auditing standards Provider describes its security and technology controls Third party auditor reviews them Management attests that the controls are in place It doesn t lay out the ideal security environment It only describes the controls to which the provider attests Each provider s SSAE 16 is likely to contain different descriptions

What does the SSAE 16 Include? Five trust services principles Security Availability Processing integrity Confidentiality Privacy of personal information collected, used, retained, disclosed, and disposed

Cloud Security Alliance (CSA) Focused exclusively on security Describes best practices for cloud providers (i.e. Encryption, application security) Created the Security, Trust & Assurance Registry A free registry that documents cloud computing offerings Members include: Amazon Web Services, Microsoft Azure, and Terremark

The Vendor Lock In Problem Very little standardization between various cloud providers The company is married to the cloud provider Expensive & time consuming to migrate to another provider Cloud providers benefit by keeping things proprietary because it locks consumers into their environment Understand the exit strategy

Why the Marriage May Fail The cloud provider could be bought out by a larger company, and a bunch of policies change The cloud provider may increase their leasing costs The cloud provider may change the leasing term The provider may move abroad which may conflict with some legal requirements you may have Failure to meet security and availability promises

Your System and Data Is Finally Installed and Configured Perfectly How do I make sure it s always there when I need it? The poor man pays twice Russian Proverb

What Does A Backup and Disaster Recovery System Look Like?

What Should Be Backed Up? Data: Documents Accounting: Payables, Receivables, Inventory Databases: customer contacts, mailing list, Customer records: quotes, contracts Email Investment in Systems Servers and Server installation Network configuration

Conventional Backup Straight data Sometimes grandfathered with multiple drives or cartridges Pitfalls Does not safeguard network config, programs, and operating system File selections to be backed up may not be up to date Is it working? How do you know? Danger of overwriting previous good data with corrupt data What are the steps to get everything back to how it was? Who s responsible for periodically testing the restore process? Media: Tapes, external hard drives, thumb drives

Online Backup Examples: Carbonite, Mozy Simple document files are backed up Problematic Cloud limitations If files are large, or the collection of files is large Seeding Concerns with data being compromised Loss in shipping Unauthorized users gaining access Not encrypted

Backup and Disaster Recovery Solution Variety of techniques Starts with understanding what s important What s an acceptable timeframe for downtime If it takes days or weeks, will it put you out of business What is Plan B (we like to see Plan C, D, and E )

Backup Is Not A Product, It s A Process

Things That Do Not Work The backup fairy Ignoring the issue and hoping it will go away Assuming that someone else is taking care of it Assuming nothing will ever happen to your business Planning to do something someday Assuming that what you have, can do what you need

Questions To Ask What s being backed up Protected Is it working today How long will it take to get everything back and usable Who s responsible for making sure When was the last fire drill What is the plan if you have a fire, flood, etc. Could the business survive (50% don t)

Q R S T Circle Q if you have questions or if you would like me to follow up Circle R if you have a referral or know someone that needs help Circle S if you think you might need a speaker at another event Circle T if you would like me to follow you on Twitter (write your handle on the back of your card)

Thank you for Attending!!!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information